There is something about encryption that brings out the worst in journalists. Because to most of them it is magical, they are always searching desperately for the proverbial man behind the curtain, without knowing what to look for. Which may explain The Guardian's recent bizarre attack on WhatsApp, which it accused, incorrectly, of having a backdoor. And the security community erupted in rage.
To understand this story, why the Guardian was and is wrong, why they were forced to walk back their original backdoor headline, and why the security community is furious, you'll need a little context. Sit down, my pretties, and let me tell you a little infosec fable 😛
Once upon a time there was PGP, which stands for Pretty Good Privacy, and it was good and strong. So good and strong that after its creator, Phil Zimmermann, released its source code 25 years ago, the American government opened a criminal investigation against him for arms trafficking. (The case was subsequently dropped without indictment.)
For twenty years PGP was the gold standard of secure messaging. The NSA could not break it. Edward Snowden used it. But it had serious flaws. For one, it lacked forward secrecy: if your key was compromised, so was every message it had ever encrypted. For another, key exchange was, and is, at best challenging.
But the worst thing about PGP, by far, is that it is fiendishly user-hostile, so only hardcore hackers ever really used it. (The Snowden revelations were delayed by a month because he couldn't find a way to contact Glenn Greenwald securely.)
Just as the best workout routine is not The Rock's but, instead, one that you will actually stick to, the most secure messaging system is one that you will actually use. Whether we like it or not, usability is an essential aspect of security. Any secure system which pretends this is not true will fail from disuse.
Enter Signal, a mobile (and Chrome plug-in) secure messaging system. It is fast, slick, sexy, cross-platform, and battle-tested. It enforces highly secure end-to-end messaging with a ratchet protocol which provides perfect forward secrecy. It is the choice of technically sophisticated, security-conscious people around the world. It is not perfect. No system is perfect. Every system involves compromises. But Signal is the best available alternative.
However, most of the world does not use Signal. Most of the world uses SMS, Facebook Messenger, and, especially, WhatsApp, which, until recently, was much less secure. So the roll-out of the Signal protocol to WhatsApp, which began two years ago, was met with rejoicing. However, even though it used the same protocol as Signal, the implementation was different. It's that difference which the Guardian, strangely and incorrectly, called a back door.
For the gritty details, see "A Trade-Off In WhatsApp Is Called A Backdoor" by the EFF, "There Is No WhatsApp Backdoor" by Signal head honcho Moxie Marlinspike, "WhatsApp Security Vulnerability" by Bruce Schneier, and "A look at how private messengers handle key changes" by Tina Membe, to name a few.
The essential problem is that when the person or persons you're talking to get a new phone, or re-install the app, there's no way to be instantly assured that the new installation is them. In theory, you should communicate with them over a different medium to verify they aren't someone else pretending to be them; in a perfect world, you would use the tools Signal and WhatsApp provide to be mathematically certain of this. In practice, though, essentially nobody does this.
Signal, which was built for technically sophisticated users, refuses to send any new messages to a person whose identity seems to have changed, until and unless you explicitly tell it to do so. WhatsApp, which had an install base of approximately a billion users, the great majority of them anything but technically sophisticated, decided when it rolled out the Signal protocol that doing so would confuse their users and cause conversations to be lost, and that continuing to deliver messages was more important than making users explicitly confirm their security.
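To make the two policies concrete, here is an added toy model of the key-change trade-off; it is not Signal's or WhatsApp's code, and the `Client`, `BLOCK`/`DELIVER` policies and `safety_number` helper are constructed for illustration. Both clients pin a contact's identity key on first use; they differ only in what happens when that key changes.

```python
"""Toy model of the key-change trade-off (constructed example, not Signal or
WhatsApp code). A client pins each contact's identity key on first use. When a
contact re-registers with a new key, policy decides: BLOCK (Signal-like) holds
queued messages until the user explicitly accepts the new key; DELIVER
(WhatsApp-like) re-encrypts for the new key and delivers, surfacing a warning
the user can act on by comparing safety numbers over another channel."""
import hashlib
import secrets
from dataclasses import dataclass, field

BLOCK, DELIVER = "block", "deliver"


def safety_number(key_a: bytes, key_b: bytes) -> str:
    """Order-independent fingerprint both parties can compare out of band."""
    digest = hashlib.sha256(b"".join(sorted((key_a, key_b)))).hexdigest()
    return " ".join(digest[i:i + 5] for i in range(0, 30, 5))


@dataclass
class Client:
    identity_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    pinned: dict = field(default_factory=dict)   # contact -> pinned identity key
    outbox: dict = field(default_factory=dict)   # contact -> messages held back
    warnings: list = field(default_factory=list)

    def send(self, contact: str, server_key: bytes, msg: str, policy: str) -> list:
        """Return the messages actually delivered by this call."""
        pinned = self.pinned.get(contact)
        if pinned is None or pinned == server_key:
            self.pinned[contact] = server_key        # trust on first use
            return [msg]
        # Identity key changed: a new phone or reinstall, or someone else now
        # holding the number. Only out-of-band verification can tell which.
        self.warnings.append(f"{contact}: identity key changed")
        if policy == BLOCK:
            self.outbox.setdefault(contact, []).append(msg)
            return []                                # held until accept_key()
        self.pinned[contact] = server_key            # re-encrypt for the new key
        return [msg]

    def accept_key(self, contact: str, server_key: bytes) -> list:
        """User explicitly accepted the new key: pin it and flush held messages."""
        self.pinned[contact] = server_key
        return self.outbox.pop(contact, [])
```

Under BLOCK the held message is only released after `accept_key`; under DELIVER it goes out immediately and the change is visible only as a warning, which is the trade-off the articles above are arguing about.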
Whether they were right to do so is a thing about which reasonable people can disagree. Again, all messaging systems involve security compromises; and all messaging systems require that you trust somebody, sometimes. The Guardian was my newspaper of choice when I lived in the UK, and I've even written for it myself, but it is deeply irresponsible journalism to suggest that a complex compromise with which some people disagree is a back door or a profound hidden vulnerability.
On one hand, WhatsApp's implementation of the Signal protocol is less secure than Signal's implementation. On the other, it is far more secure than their previous system, and the only entity able to use this vulnerability to read WhatsApp messages is WhatsApp itself, or an intruder who compromises WhatsApp's systems. Furthermore, as Schneier points out, it's an attack against existing and future messages, and not something that would allow the government to reach into the past. In that sense, it is no more troubling than the government hacking your mobile phone and reading your WhatsApp conversations that way.
More to the point, though, WhatsApp's users already have to trust WhatsApp. For all they actually, verifiably know, the app isn't implementing the Signal Protocol at all. They also have to trust Apple, Google, or whoever they downloaded the app from. They have to trust that no malware on their phone is logging their keystrokes and taking surreptitious screenshots. They have to trust that the operating system provides the entropy the encryption algorithms need. You always have to trust somebody. It's inevitable. Even if you compile PGP from scratch, you can't go through its code line-by-line to be certain it's secure, and even if you did, what about the kernel? What about the compiler?
Real security design is about navigating the compromises between usability and security, deciding the sophistication and threat model of your users, choosing who you have to trust and who you can't afford to. Signal makes compromises too, in particular its use of your phone number. Security design is a complex and ambiguous undertaking, not made any easier by ignorant gotcha journalism that can't distinguish between a debatable compromise and a backdoor.
This is not an abstruse, theoretical issue: this hurts and jeopardizes real people, en masse. Saying "Switch to Signal" ignores the fact that most people's contacts won't do so, so their de facto choice, if they need to communicate, is between WhatsApp and SMS, and if you frighten them off the former, you scare them into the unbelievably vulnerable arms of the latter. Those at the Guardian responsible for this ugly mess have much to answer for. You don't need to take my word for it, but you should take the word of this who's who of the security world.